Saturday, August 25, 2007
Attackers steal Monster.com user information
Jim Carr Aug 21 2007 21:53
Was Monster.com hacked, or did someone take advantage of one of the popular website's fundamental business processes to harvest the personal data of hundreds of thousands of job hunters?
Security researchers at Symantec say the former. Kevin Mandia, a computer forensics expert, believes it might be the latter.
In any case, what is known is that a new trojan, called Infostealer.Monstres, was attempting to access the Monster.com online recruitment website.
"The trojan appears to be using the [probably stolen] credentials of a number of recruiters to login to the website and perform searches for resumes of candidates located in certain countries or working in certain fields," Symantec researcher Amado Hidalgo said in a blog post.
"The trojan sends HTTP commands to the Monster.com website to navigate to the Managed Folders section," he added. "It then parses the output from a pop-up window containing the profiles of the candidates that match this recruiter's saved searches."
The trojan extracted personal information from the resumes and uploaded it to a remote server, Symantec said. The researchers found 1.6 million pieces of compromised data on a single server. Separately, SecureWorks' researchers found about a dozen smaller collections of stolen data, which included names and home and email addresses.
The perpetrators then used the collected email addresses to send phishing messages to job hunters whose information was stolen, SecureWorks said.
Mandia, chief executive officer of Mandiant, said he questions whether Monster.com was in fact "hacked."
"I don't see any evidence that Monster.com was hacked at all — it looks like a business process was compromised," he told SCMagazine.com today.
"I'm not convinced data theft is the right definition" for what occurred, he added. "This is a site that collects people's resumes that are publicly available. Monster.com is a site that people pay to find prospective employees, and someone used an account for data mining so they could send spam. I would imagine something like this could have been happening for years."
Symantec said it has told Monster.com of the problem so it can shut down the recruiter accounts stolen by the trojan.
A Monster.com spokesperson did not return a telephone call seeking comment.
Labels: Monster.com
Thursday, August 09, 2007
VeriSign suffers data breach after July laptop theft
Frank Washkuch Jr. Aug 6 2007 18:47
VeriSign, the digital certificate vendor responsible for the internet's .com and .net domains, suffered a data breach last month when a laptop was stolen from an employee's vehicle.
An undisclosed number of current and former employees are at risk of identity theft after the burglary, which took place July 12 or 13 in a parking garage in northern California.
The laptop contained names, Social Security numbers, dates of birth, salary information, telephone numbers and home addresses of an undisclosed number of VeriSign employees, according to a notification letter sent to victims.
The Mountain View, Calif.-based company revealed that bank account numbers and password information were not stored on the device.
The breach was first reported on the wizbang blog on Friday.
VeriSign said today in a statement that the employee has left the company. The vendor said it is working to shore up its data-protection policies, which were not followed in this case.
VeriSign disclosed that it has "no reason to believe that the thief or thieves acted with the intent to extract and use this information. The local police have said the theft may be tied to a series of neighborhood burglaries."
"VeriSign is committed to making sure current and former employees whose personal information may have been on the stolen laptop have the support they need to monitor their credit and know how to respond if they identify any problems," VeriSign said today in a statement. "The company has a policy on how to manage laptops that contain sensitive information and company data — which in this case was not followed. That policy includes not leaving laptops in vehicles in plain view, keeping the amount of confidential and sensitive data stored on laptops to a minimum, and using data encryption tools to protect those sets of data that absolutely must be stored on a laptop. Going forward, we will continue to review our security procedures to prevent future human errors of this type."
Avivah Litan, Gartner vice president and distinguished analyst, told SCMagazine.com today that laptop thefts have "zero impact on the bottom line," but said she was disappointed to see a security vendor suffer a breach.
"Certainly a missing or stolen laptop is common, but you don’t want to see that event at a managed security services provider," she said. "It lowers confidence in their abilities when they’re subject to the same breaches they’re helping their customers with."
Last month, Kingston Technology, a data security vendor, reported a breach initiated when thieves infiltrated a company computer two years ago. That hacking put the credit card files of 27,000 customers at risk.
Kingston has said that none of the financial information was misused.
IBM was the victim of a data loss incident in May, when a third-party vendor lost an undisclosed number of tapes while transporting them from an IBM location in Westchester County, N.Y., to a permanent storage facility.
Labels: Verisign